Maxim Burgerhout: Building ipa-server for aarch64 on a Raspberry Pi 3 and CentOS7

What?

I want to run IPA server (FreeIPA, IdM) on my Raspberry Pi 3. This allows me to connect Satellite servers, Ansible Tower servers and whatnot to an instance of IdM that I don’t have to setup everytime, is always running and is actually used.

Is there a problem?

A bit. The specfile for ipa-server has a line reading %ifarch x86_64 %{ix86}. This will prevent building ipa-server on any platform except for x86_64. I’m not sure why this is, but it means I have to build the RPM myself. And luckily for me, it builds fine 🙂

The setup

My RPi3 runs CentOS7 for aarch64, based on the image that is available for download here. All in all, it works pretty well, with some caveats. One of those caveats is that the standard mock RPM doesn’t provide a configuration file for aarch64.

Hence, if you want to start using mock to build RPMs on your RPi3, create a file called epel-7-aarch64.cfg and put the following content in it:

The specfile

Install the source RPM as an unpriviliged user and enter the newly created ~/rpmbuild/SPECS directory. Open the ipa.spec and make sure you edit the following lines.

Edit the line reading %ifarch x86_64 %{ix86} to read %ifarch x86_64 %{ix86} aarch64. In the version of the specfile I’m working with, that is line 12.

Edit the line reading Release: 14%{?dist}.7 to read Release: 14%{?dist}.7identifier. I usually use maxim as my identifier. You need add this to distinguish your version of the resulting RPMs (e.g. ipa-client) from the version supplied by the official repositories.[1] This is at line 46 in my specfile.

Then, finally, add a new entry in the %changelog section (starting at line 1551 for me). Make sure you reference the right version of the RPM. My last one looks like this:

Building the actual RPMs

Installing the results

After building (which will take a while), the resulting RPMs will be available in /var/lib/mock/centos-7-aarch64/result. I usually go in there and run sudo createrepo . and then add a ipa.repo configuration file to /etc/yum.repos.d that reads: